Assalamualaikum Wr.Wb...
dengan diberikan nikmat dan rezeki dari Allah SWT, saya Mr.GagalTotal666 akan
berbagi kepada anda tentang tools pentest yaitu PhpSploit -
Stealth Post-Exploitation Framework di GNU/Linux.
informasi dan penjelasan tentang
informasi dan penjelasan tentang
PhpSploit menurut dari sumber github
PhpSploit adalah kerangka kerja remote control,
PhpSploit adalah kerangka kerja remote control,
yang bertujuan untuk menyediakan koneksi seperti shell siluman
interaktif melalui HTTP antara klien dan server web.
Ini adalah alat pasca-eksploitasi yang mampu mempertahankan
Ini adalah alat pasca-eksploitasi yang mampu mempertahankan
akses ke server web yang dikompromikan
untuk tujuan eskalasi hak istimewa.
Overview PhpSploit
menggunakan header HTTP di bawah permintaan
Overview PhpSploit
menggunakan header HTTP di bawah permintaan
klien standar dan tanggapan relatif web server,
diterobos melalui backdoor polimorfik kecil
contoh isi backdoor
contoh isi backdoor
$ <?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>
run command information exploit
$ backdoor
menggunakan slash (/) bash karena PhpSploit
di buat dan di compile dengan bahasa pemrograman python
run PhpSploit
Python Version
Only compatible with python >= 3.x Mostly tested with python 3.5.x
run PhpSploit
$ ./phpsploit
pastikan anda berada di directory PhpSploit nya
Features PhpSploit
Efficient : More than 20 plugins to automate post-exploitation tasks
- Run commands and browse filesystem, bypassing PHP security restrictions
- Upload/Download files between client and target
- Edit remote files through local text editor
- Run SQL console on target system
- Spawn reverse TCP shells
Stealth : The framework is made by paranoids, for paranoids
- Nearly invisible by log analysis and NIDS signature detection
- Safe-mode and common PHP security restrictions bypass
- Communications are hidden in HTTP Headers
- Loaded payloads are obfuscated to bypass NIDS
- http/https/socks4/socks5 Proxy support
Convenient : A robust interface with many crucial features
- Detailed help for any command or option (type help)
- Cross-platform on both the client and the server.
- Powerful interface with completion and multi-command support
- Session saving/loading feature & persistent history
- Multi-request support for large payloads (such as uploads)
- Provides a powerful, highly configurable settings engine
- Each setting, such as user-agent has a polymorphic mode
- Customisable environment variables for plugin interaction
- Provides a complete plugin development API
Features PhpSploit
Efficient : More than 20 plugins to automate post-exploitation tasks
- Run commands and browse filesystem, bypassing PHP security restrictions
- Upload/Download files between client and target
- Edit remote files through local text editor
- Run SQL console on target system
- Spawn reverse TCP shells
Stealth : The framework is made by paranoids, for paranoids
- Nearly invisible by log analysis and NIDS signature detection
- Safe-mode and common PHP security restrictions bypass
- Communications are hidden in HTTP Headers
- Loaded payloads are obfuscated to bypass NIDS
- http/https/socks4/socks5 Proxy support
Convenient : A robust interface with many crucial features
- Detailed help for any command or option (type help)
- Cross-platform on both the client and the server.
- Powerful interface with completion and multi-command support
- Session saving/loading feature & persistent history
- Multi-request support for large payloads (such as uploads)
- Provides a powerful, highly configurable settings engine
- Each setting, such as user-agent has a polymorphic mode
- Customisable environment variables for plugin interaction
- Provides a complete plugin development API
Platform yang didukung sebagai penyerang(As Attacker) :
- GNU/Linux
- Mac OS X
Platform yang didukung sebagai target(As Target) :
- GNU/Linux
- BSD Like
- Mac OS X
- Windows NT
Github PhpSploit
PhpSploit
gagaltotal PhpSploit
oke mungkin itu saja mengenai PhpSploit - Stealth Post-Exploitation Framework
jika ada kesalahan dan kekurangan mohon berikan masukan nya
sekian dan semoga bermanfaat...
Wasalamualaikum Wr.Wb...
Sumber : [https://github.com/nil0x42/phpsploit]
0 Comments